Abstract
Snort is a lightweight, rule-based network intrusion detection system. This paper analyzes the principle, basic structure and workflow of the system. Because Snort's workflow is single-threaded, a multithreaded redesign is proposed to improve its performance: buffer queues are placed between processing modules, and a busy/idle flag is set on each protocol decoder and each linked-list node. The workflow of the redesigned system is then described in detail. Finally, the performance of the system before and after the redesign is analyzed theoretically, in combination with the results of a simulation experiment on a simplified model. The redesigned system improves in detection speed and miss-detection rate, but the CPU workload and memory usage also increase.
Source
Journal of Xidian University (《西安电子科技大学学报》)
Indexed in: EI, CAS, CSCD, PKU Core
2007, No. 6, pp. 887-894 (8 pages)
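Funding
Supported by the National Natural Science Foundation of China (90604009)
Supported by the National Science Foundation for Young Scientists of China (60503010)
Supported by the National Cryptography Development Fund of the 11th Five-Year Plan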